Is your feature request related to a problem? Please describe.
We operate Strongswan/Libreswan based VPNs on AWS. We would like to operate route-based VPN tunnels based on XFRM interfaces (see Strongswan documentation)
AL2023 (and even AL2) use a compatible kernel version + iproute version, but unfortunately the xfrm_interface kernel module is neither built nor available. We also cannot build it ourself as understandably AL2023 requires kernel modules to be signed.
Describe the solution you'd like
I would like for the xfrm_interface kernel module to be made available, so I can load it into my instance's kernel
Describe alternatives you've considered
Using Ubuntu: latest ubuntu builds this module. We want to remain with AL2023 if possible
Building module ourselves: can't load it into the kernel without signing, or disabling module signature verification
Additional context
AL2023:
$ find /lib/modules/6.1.87-99.174.amzn2023.aarch64/ -type f -name '*.ko' | grep net | grep xfrm
/lib/modules/6.1.87-99.174.amzn2023.aarch64/kernel/net/ipv4/xfrm4_tunnel.ko
/lib/modules/6.1.87-99.174.amzn2023.aarch64/kernel/net/ipv6/xfrm6_tunnel.ko
/lib/modules/6.1.87-99.174.amzn2023.aarch64/kernel/net/netfilter/nft_xfrm.ko
/lib/modules/6.1.87-99.174.amzn2023.aarch64/kernel/net/xfrm/xfrm_algo.ko
/lib/modules/6.1.87-99.174.amzn2023.aarch64/kernel/net/xfrm/xfrm_ipcomp.ko
/lib/modules/6.1.87-99.174.amzn2023.aarch64/kernel/net/xfrm/xfrm_user.ko
Ubuntu 22.04:
root@ubuntu:/home/ubuntu# find /lib/modules/5.15.0-94-generic/ -type f -name '*.ko' | grep net | grep xfrm
/lib/modules/5.15.0-94-generic/kernel/net/xfrm/xfrm_user.ko
/lib/modules/5.15.0-94-generic/kernel/net/xfrm/xfrm_algo.ko
/lib/modules/5.15.0-94-generic/kernel/net/xfrm/xfrm_ipcomp.ko
/lib/modules/5.15.0-94-generic/kernel/net/xfrm/xfrm_interface.ko
/lib/modules/5.15.0-94-generic/kernel/net/netfilter/nft_xfrm.ko
/lib/modules/5.15.0-94-generic/kernel/net/ipv6/xfrm6_tunnel.ko
/lib/modules/5.15.0-94-generic/kernel/net/ipv4/xfrm4_tunnel.ko
Is your feature request related to a problem? Please describe.
We operate Strongswan/Libreswan based VPNs on AWS. We would like to operate route-based VPN tunnels based on XFRM interfaces (see Strongswan documentation)
AL2023 (and even AL2) use a compatible kernel version + iproute version, but unfortunately the xfrm_interface kernel module is neither built nor available. We also cannot build it ourself as understandably AL2023 requires kernel modules to be signed.
Describe the solution you'd like
I would like for the xfrm_interface kernel module to be made available, so I can load it into my instance's kernel
Describe alternatives you've considered
Additional context
AL2023:
Ubuntu 22.04: